Total: 4110 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19937 | 1 Videolan | 1 Vlc For Mobile | 2025-05-06 | 6.6 Medium |
| A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. | ||||
| CVE-2022-2572 | 1 Octopus | 1 Octopus Server | 2025-05-06 | 9.8 Critical |
| In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked. | ||||
| CVE-2022-22935 | 1 Saltstack | 1 Salt | 2025-05-05 | 3.7 Low |
| An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master. | ||||
| CVE-2022-22730 | 1 Intel | 1 Edge Insights For Industrial | 2025-05-05 | 9.8 Critical |
| Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2021-0193 | 1 Ibm | 1 In-band Manageability | 2025-05-05 | 7.2 High |
| Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. | ||||
| CVE-2022-38744 | 1 Rockwellautomation | 1 Factorytalk Alarms And Events | 2025-05-05 | 7.5 High |
| An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML. | ||||
| CVE-2024-21390 | 1 Microsoft | 1 Authenticator | 2025-05-03 | 7.1 High |
| Microsoft Authenticator Elevation of Privilege Vulnerability | ||||
| CVE-2024-21427 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more | 2025-05-03 | 7.5 High |
| Windows Kerberos Security Feature Bypass Vulnerability | ||||
| CVE-2022-39019 | 1 M-files | 1 Hubshare | 2025-05-02 | 6.3 Medium |
| Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. | ||||
| CVE-2022-39018 | 1 M-files | 1 Hubshare | 2025-05-02 | 8.2 High |
| Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. | ||||
| CVE-2025-29906 | | | 2025-05-02 | 8.6 High |
| Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.11. | ||||
| CVE-2022-27510 | 1 Citrix | 3 Application Delivery Controller, Application Delivery Controller Firmware, Gateway | 2025-05-01 | 9.8 Critical |
| Unauthorized access to Gateway user capabilities | ||||
| CVE-2022-39892 | 1 Samsung | 1 Pass | 2025-05-01 | 3.6 Low |
| Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to gain unauthenticated access via the keep open feature. | ||||
| CVE-2022-38119 | 1 Upspowercom | 1 Upsmon Pro | 2025-05-01 | 9.8 Critical |
| UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service. | ||||
| CVE-2022-39038 | 1 Flowring | 1 Agentflow | 2025-05-01 | 8.8 High |
| Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service. | ||||
| CVE-2024-40713 | 1 Veeam | 2 Backup & Replication, Veeam Backup & Replication | 2025-05-01 | 7.8 High |
| A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. | ||||
| CVE-2022-44244 | 1 Lin-cms Project | 1 Lin-cms | 2025-05-01 | 6.6 Medium |
| An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. | ||||
| CVE-2022-31686 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | 9.8 Critical |
| VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | ||||
| CVE-2022-31685 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | 9.8 Critical |
| VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | ||||
| CVE-2022-34331 | 1 Ibm | 1 Powervm Hypervisor | 2025-05-01 | 5.5 Medium |
| After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695. | ||||